Fixes to allow calico-rr to work on separate node
This commit is contained in:
Josh Conant
Brad Beam
parent
a10ccadb54
commit
1fdde8f44b
5 changed files with 15 additions and 14 deletions
|
|
@ -45,7 +45,7 @@
|
||||||
- { role: kargo-defaults}
|
- { role: kargo-defaults}
|
||||||
- { role: etcd, tags: etcd, etcd_cluster_setup: true }
|
- { role: etcd, tags: etcd, etcd_cluster_setup: true }
|
||||||
|
|
||||||
- hosts: k8s-cluster
|
- hosts: etcd:calico-rr:k8s-cluster
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
roles:
|
roles:
|
||||||
- { role: kargo-defaults}
|
- { role: kargo-defaults}
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,7 @@
|
||||||
sync_file_hosts: "{{ groups.etcd }}"
|
sync_file_hosts: "{{ groups.etcd }}"
|
||||||
sync_file_is_cert: true
|
sync_file_is_cert: true
|
||||||
with_items: "{{ etcd_master_cert_list|d([]) }}"
|
with_items: "{{ etcd_master_cert_list|d([]) }}"
|
||||||
|
when: inventory_hostname in groups.etcd
|
||||||
|
|
||||||
- name: sync_etcd_certs | Set facts for etcd sync_file results
|
- name: sync_etcd_certs | Set facts for etcd sync_file results
|
||||||
set_fact:
|
set_fact:
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,3 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: etcd
|
|
||||||
- role: docker
|
|
||||||
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
||||||
- role: download
|
- role: download
|
||||||
file: "{{ downloads.calico_rr }}"
|
file: "{{ downloads.calico_rr }}"
|
||||||
|
|
|
||||||
|
|
@ -217,7 +217,7 @@
|
||||||
"kind": "bgpPeer",
|
"kind": "bgpPeer",
|
||||||
"spec": {"asNumber": "{{ item.as }}"},
|
"spec": {"asNumber": "{{ item.as }}"},
|
||||||
"apiVersion": "v1",
|
"apiVersion": "v1",
|
||||||
"metadata": {"node": "{{ inventory_hostname }}", "scope": "node", "peerIP": "{{ item.router_id }}"}
|
"metadata": {"node": "{{ inventory_hostname.split(".")[0] }}", "scope": "node", "peerIP": "{{ item.router_id }}"}
|
||||||
}'
|
}'
|
||||||
| {{ bin_dir }}/calicoctl create -f -
|
| {{ bin_dir }}/calicoctl create -f -
|
||||||
with_items: "{{ peers|default([]) }}"
|
with_items: "{{ peers|default([]) }}"
|
||||||
|
|
@ -230,9 +230,11 @@
|
||||||
"kind": "bgpPeer",
|
"kind": "bgpPeer",
|
||||||
"spec": {"asNumber": "{{ local_as | default(global_as_num)}}"},
|
"spec": {"asNumber": "{{ local_as | default(global_as_num)}}"},
|
||||||
"apiVersion": "v1",
|
"apiVersion": "v1",
|
||||||
"metadata": {"node": "{{ inventory_hostname }}",
|
"metadata": {
|
||||||
|
"node": "{{ inventory_hostname.split(".")[0] }}",
|
||||||
"scope": "node",
|
"scope": "node",
|
||||||
"peerIP": "{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(hostvars[item]["ansible_default_ipv4.address"]) }}"}
|
"peerIP": "{{ hostvars[item]["calico_rr_ip"] | default(hostvars[item]["ip"]) | default(hostvars[item]["ansible_default_ipv4"]["address"]) }}"
|
||||||
|
}
|
||||||
}'
|
}'
|
||||||
| {{ bin_dir }}/calicoctl create --skip-exists -f -
|
| {{ bin_dir }}/calicoctl create --skip-exists -f -
|
||||||
with_items: "{{ groups['calico-rr'] | default([]) }}"
|
with_items: "{{ groups['calico-rr'] | default([]) }}"
|
||||||
|
|
@ -254,7 +256,7 @@
|
||||||
peer_with_router|default(false) and inventory_hostname in groups['k8s-cluster'])
|
peer_with_router|default(false) and inventory_hostname in groups['k8s-cluster'])
|
||||||
|
|
||||||
- name: Calico (old) | Configure peering with route reflectors
|
- name: Calico (old) | Configure peering with route reflectors
|
||||||
shell: "{{ bin_dir }}/calicoctl node bgp peer add {{ hostvars[item]['calico_rr_ip']|default(hostvars[item]['ip'])|default(hostvars[item]['ansible_default_ipv4.address']) }} as {{ local_as | default(global_as_num) }}"
|
shell: "{{ bin_dir }}/calicoctl node bgp peer add {{ hostvars[item]['calico_rr_ip'] | default(hostvars[item]['ip']) | default(hostvars[item]['ansible_default_ipv4']['address']) }} as {{ local_as | default(global_as_num) }}"
|
||||||
with_items: "{{ groups['calico-rr'] | default([]) }}"
|
with_items: "{{ groups['calico-rr'] | default([]) }}"
|
||||||
when: (legacy_calicoctl and
|
when: (legacy_calicoctl and
|
||||||
peer_with_calico_rr|default(false) and inventory_hostname in groups['k8s-cluster']
|
peer_with_calico_rr|default(false) and inventory_hostname in groups['k8s-cluster']
|
||||||
|
|
|
||||||
|
|
@ -30,13 +30,14 @@
|
||||||
register: sync_file_key_stat
|
register: sync_file_key_stat
|
||||||
when: sync_file_is_cert|d()
|
when: sync_file_is_cert|d()
|
||||||
|
|
||||||
|
# .get() is used for situations where not all nodes in sync_file_srcs are included in current play
|
||||||
- name: "sync_file | Combine all possible file sync sources"
|
- name: "sync_file | Combine all possible file sync sources"
|
||||||
set_fact:
|
set_fact:
|
||||||
sync_file_srcs: "{{ sync_file_srcs|default([]) + [host_item] }}"
|
sync_file_srcs: "{{ sync_file_srcs|default([]) + [host_item] }}"
|
||||||
with_items: "{{ sync_file_hosts | unique }}"
|
with_items: "{{ sync_file_hosts | unique }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: host_item
|
loop_var: host_item
|
||||||
when: hostvars[host_item]["sync_file_stat"]["stat"]["exists"]|bool
|
when: hostvars[host_item].get("sync_file_stat", {}).get("stat", {}).get("exists")
|
||||||
|
|
||||||
- name: "sync_file | Combine all possible key file sync sources"
|
- name: "sync_file | Combine all possible key file sync sources"
|
||||||
set_fact:
|
set_fact:
|
||||||
|
|
@ -44,22 +45,22 @@
|
||||||
with_items: "{{ sync_file_hosts | unique }}"
|
with_items: "{{ sync_file_hosts | unique }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: host_item
|
loop_var: host_item
|
||||||
when: sync_file_is_cert|d() and hostvars[host_item]["sync_file_key_stat"]["stat"]["exists"]|bool
|
when: sync_file_is_cert|d() and hostvars[host_item].get("sync_file_key_stat", {}).get("stat", {}).get("exists")
|
||||||
|
|
||||||
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
|
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
|
||||||
set_fact:
|
set_fact:
|
||||||
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
|
_: "{{ sync_file_srcs.remove(inventory_hostname) }}"
|
||||||
when: >-
|
when: >-
|
||||||
sync_file_srcs|d([])|length > 1 and
|
inventory_hostname in sync_file_srcs|d([]) and
|
||||||
inventory_hostname != sync_file_srcs|first and
|
inventory_hostname != sync_file_srcs|first and
|
||||||
sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first]["sync_file_stat"]["stat"]["checksum"]
|
sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first]["sync_file_stat"]["stat"]["checksum"]
|
||||||
|
|
||||||
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
|
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
|
||||||
set_fact:
|
set_fact:
|
||||||
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
|
_: "{{ sync_file_srcs.remove(inventory_hostname) }}"
|
||||||
when: >-
|
when: >-
|
||||||
sync_file_is_cert|d() and
|
sync_file_is_cert|d() and
|
||||||
sync_file_key_srcs|d([])|length > 1 and
|
inventory_hostname in sync_file_srcs|d([]) and
|
||||||
inventory_hostname != sync_file_key_srcs|first and
|
inventory_hostname != sync_file_key_srcs|first and
|
||||||
sync_file_key_stat.stat.checksum != hostvars[sync_file_srcs|first]["sync_file_key_stat"]["stat"]["checksum"]
|
sync_file_key_stat.stat.checksum != hostvars[sync_file_srcs|first]["sync_file_key_stat"]["stat"]["checksum"]
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue